@oculum/scanner 1.0.9 → 1.0.11

package/dist/layer3/anthropic/providers/openai.js

@@ -0,0 +1,340 @@
+"use strict";
+/**
+ * OpenAI Provider Implementation
+ *
+ * Validation using OpenAI GPT-5-mini model.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateWithOpenAI = validateWithOpenAI;
+exports.clearOpenAICache = clearOpenAICache;
+const project_context_builder_1 = require("../../../utils/project-context-builder");
+const types_1 = require("../types");
+const clients_1 = require("../clients");
+const retry_1 = require("../utils/retry");
+const response_parser_1 = require("../utils/response-parser");
+const request_builder_1 = require("../request-builder");
+const validation_1 = require("../prompts/validation");
+// Cache for project context (built once per scan)
+let cachedProjectContext = null;
+/**
+ * Validate findings using OpenAI GPT-5-mini
+ * This mirrors the Anthropic validation flow but uses OpenAI's API
+ */
+async function validateWithOpenAI(findings, files, projectContext, stats) {
+    const client = (0, clients_1.getOpenAIClient)();
+    // Build or use cached project context
+    const context = projectContext || cachedProjectContext || (0, project_context_builder_1.buildProjectContext)(files);
+    if (!projectContext && !cachedProjectContext) {
+        cachedProjectContext = context;
+        console.log('[OpenAI Validation] Built project context:', {
+            hasAuthMiddleware: context.auth.hasGlobalMiddleware,
+            authProvider: context.auth.authProvider,
+            orm: context.dataAccess.orm,
+            framework: context.frameworks.primary,
+        });
+    }
+    // Group findings by file for efficient validation
+    const findingsByFile = new Map();
+    for (const finding of findings) {
+        const existing = findingsByFile.get(finding.filePath) || [];
+        existing.push(finding);
+        findingsByFile.set(finding.filePath, existing);
+    }
+    const validatedFindings = [];
+    const fileEntries = Array.from(findingsByFile.entries());
+    // Track metrics (thread-safe accumulator)
+    let totalApiBatches = 0;
+    const statsLock = (0, types_1.createStatsAccumulator)();
+    const totalFileBatches = Math.ceil(fileEntries.length / clients_1.FILES_PER_API_BATCH);
+    console.log(`[OpenAI Validation] Processing ${fileEntries.length} files in ${totalFileBatches} API batch(es) (${clients_1.PARALLEL_API_BATCHES} parallel)`);
+    // Create all batch definitions
+    const allBatches = [];
+    for (let batchStart = 0; batchStart < fileEntries.length; batchStart += clients_1.FILES_PER_API_BATCH) {
+        const fileBatch = fileEntries.slice(batchStart, batchStart + clients_1.FILES_PER_API_BATCH);
+        const batchNum = Math.floor(batchStart / clients_1.FILES_PER_API_BATCH) + 1;
+        allBatches.push({ batchNum, fileBatch });
+    }
+    // Process a single batch - returns validated findings for that batch
+    const processBatch = async (batchDef) => {
+        const { batchNum, fileBatch } = batchDef;
+        const batchFindings = [];
+        // Prepare file data for batch request
+        const fileDataList = [];
+        const filesWithoutContent = [];
+        for (const [filePath, fileFindings] of fileBatch) {
+            const file = files.find(f => f.path === filePath);
+            if (!file) {
+                filesWithoutContent.push({ filePath, findings: fileFindings });
+            }
+            else {
+                fileDataList.push({ file, findings: fileFindings, filePath });
+            }
+        }
+        // Handle files without content
+        for (const { findings: fileFindings } of filesWithoutContent) {
+            for (const f of fileFindings) {
+                batchFindings.push({
+                    ...f,
+                    validatedByAI: false,
+                    validationStatus: 'not_validated',
+                    validationNotes: 'File content not available for validation',
+                });
+            }
+        }
+        if (fileDataList.length === 0) {
+            return batchFindings;
+        }
+        try {
+            // Build multi-file validation request
+            const validationRequest = (0, request_builder_1.buildMultiFileValidationRequest)(fileDataList.map(({ file, findings: fileFindings }) => ({ file, findings: fileFindings })), context);
+            // Call OpenAI GPT-5-mini with retry logic
+            const response = await (0, retry_1.makeOpenAIRequestWithRetry)(async () => client.chat.completions.create({
+                model: 'gpt-5-mini-2025-08-07',
+                messages: [
+                    { role: 'system', content: validation_1.HIGH_CONTEXT_VALIDATION_PROMPT },
+                    { role: 'user', content: validationRequest },
+                ],
+                max_completion_tokens: 4096, // Sufficient for larger batches with many findings
+                response_format: {
+                    type: 'json_schema',
+                    json_schema: {
+                        name: 'validation_response',
+                        strict: true,
+                        schema: {
+                            type: 'object',
+                            properties: {
+                                validations: {
+                                    type: 'array',
+                                    items: {
+                                        type: 'object',
+                                        properties: {
+                                            file: { type: 'string' },
+                                            validations: {
+                                                type: 'array',
+                                                items: {
+                                                    type: 'object',
+                                                    properties: {
+                                                        index: { type: 'number' },
+                                                        keep: { type: 'boolean' },
+                                                        notes: {
+                                                            type: ['string', 'null'],
+                                                            default: null
+                                                        },
+                                                        adjustedSeverity: {
+                                                            type: ['string', 'null'],
+                                                            enum: ['critical', 'high', 'medium', 'low', 'info', null],
+                                                            default: null
+                                                        },
+                                                        impact: {
+                                                            type: ['string', 'null'],
+                                                            description: 'Context-aware explanation of why this matters (1-2 sentences)',
+                                                            default: null
+                                                        },
+                                                        fixSuggestion: {
+                                                            type: ['string', 'null'],
+                                                            description: 'Specific, actionable fix for this code context',
+                                                            default: null
+                                                        }
+                                                    },
+                                                    required: ['index', 'keep', 'notes', 'adjustedSeverity', 'impact', 'fixSuggestion'],
+                                                    additionalProperties: false
+                                                }
+                                            }
+                                        },
+                                        required: ['file', 'validations'],
+                                        additionalProperties: false
+                                    }
+                                }
+                            },
+                            required: ['validations'],
+                            additionalProperties: false
+                        }
+                    }
+                }
+            }));
+            // Track API call stats (accumulate to shared stats)
+            statsLock.apiCalls++;
+            // Extract token usage from OpenAI response
+            const usage = response.usage;
+            if (usage) {
+                const promptTokens = usage.prompt_tokens || 0;
+                const completionTokens = usage.completion_tokens || 0;
+                const cachedTokens = usage.prompt_tokens_details?.cached_tokens || 0;
+                const freshInputTokens = promptTokens - cachedTokens;
+                statsLock.estimatedInputTokens += freshInputTokens;
+                statsLock.estimatedOutputTokens += completionTokens;
+                statsLock.cacheReadTokens += cachedTokens;
+                console.log(`[OpenAI] Batch ${batchNum} tokens: ${promptTokens} input (${cachedTokens} cached), ${completionTokens} output`);
+                const freshCost = (freshInputTokens * clients_1.GPT5_MINI_PRICING.input) / 1000000;
+                const cachedCost = (cachedTokens * clients_1.GPT5_MINI_PRICING.cached) / 1000000;
+                const outputCost = (completionTokens * clients_1.GPT5_MINI_PRICING.output) / 1000000;
+                statsLock.estimatedCost += freshCost + cachedCost + outputCost;
+            }
+            // Parse response content
+            const content = response.choices[0]?.message?.content;
+            if (!content) {
+                for (const { findings: fileFindings } of fileDataList) {
+                    for (const f of fileFindings) {
+                        batchFindings.push({
+                            ...f,
+                            validatedByAI: false,
+                            validationStatus: 'not_validated',
+                            validationNotes: 'No valid response from OpenAI',
+                        });
+                    }
+                }
+                return batchFindings;
+            }
+            // Parse structured JSON response (with validations wrapper from response_format)
+            let parsedContent;
+            try {
+                parsedContent = JSON.parse(content);
+                console.log(`[OpenAI Debug] Raw parsed content keys:`, Object.keys(parsedContent));
+                // Unwrap the validations array if present (from structured output)
+                if (parsedContent.validations && Array.isArray(parsedContent.validations)) {
+                    console.log(`[OpenAI Debug] Unwrapping 'validations' array with ${parsedContent.validations.length} items`);
+                    parsedContent = parsedContent.validations;
+                }
+                else if (Array.isArray(parsedContent)) {
+                    console.log(`[OpenAI Debug] Content is already an array with ${parsedContent.length} items`);
+                }
+                else {
+                    console.log(`[OpenAI Debug] Content structure:`, typeof parsedContent, Array.isArray(parsedContent));
+                }
+            }
+            catch (e) {
+                console.warn('[OpenAI] Failed to parse JSON response:', e);
+                parsedContent = content;
+            }
+            // Parse multi-file response
+            const expectedFiles = fileDataList.map(({ filePath }) => filePath);
+            const validationResultsMap = (0, response_parser_1.parseMultiFileValidationResponse)(typeof parsedContent === 'string' ? parsedContent : JSON.stringify(parsedContent), expectedFiles);
+            console.log(`[OpenAI] Batch ${batchNum} parsed ${validationResultsMap.size} file results from ${fileDataList.length} files`);
+            if (validationResultsMap.size === 0) {
+                console.warn(`[OpenAI] WARNING: No file results parsed! Content type: ${typeof parsedContent}, isArray: ${Array.isArray(parsedContent)}`);
+                if (Array.isArray(parsedContent) && parsedContent.length > 0) {
+                    console.log(`[OpenAI] First item structure:`, Object.keys(parsedContent[0]));
+                }
+            }
+            // Log any missing files from the response (these will be REJECTED)
+            if (validationResultsMap.size !== fileDataList.length) {
+                const missing = fileDataList
+                    .filter(({ filePath }) => !validationResultsMap.has(filePath))
+                    .map(({ filePath }) => filePath);
+                if (missing.length > 0) {
+                    console.warn(`[OpenAI] Missing ${missing.length} files from response (will be REJECTED): ${missing.join(', ')}`);
+                }
+            }
+            // Apply results per file
+            for (const { filePath, findings: fileFindings } of fileDataList) {
+                const fileResults = validationResultsMap.get(filePath);
+                console.log(`[OpenAI] File ${filePath}: ${fileResults?.length || 0} validation results for ${fileFindings.length} findings`);
+                if (!fileResults || fileResults.length === 0) {
+                    const singleFileResults = (0, response_parser_1.parseValidationResponse)(content);
+                    if (singleFileResults.length > 0 && fileDataList.length === 1) {
+                        const { processed: processedFindings, dismissedCount } = (0, response_parser_1.applyValidationResults)(fileFindings, singleFileResults);
+                        statsLock.validatedFindings += processedFindings.length + dismissedCount;
+                        statsLock.dismissedFindings += dismissedCount;
+                        for (const processed of processedFindings) {
+                            if (processed.validationStatus === 'confirmed')
+                                statsLock.confirmedFindings++;
+                            else if (processed.validationStatus === 'downgraded')
+                                statsLock.downgradedFindings++;
+                            batchFindings.push(processed);
+                        }
+                    }
+                    else {
+                        // No validation results - REJECT all findings for this file (conservative approach)
+                        console.warn(`[OpenAI] No validation results for ${filePath} - REJECTING ${fileFindings.length} findings`);
+                        statsLock.validatedFindings += fileFindings.length;
+                        statsLock.dismissedFindings += fileFindings.length;
+                        // Don't add to batchFindings - findings are rejected
+                    }
+                }
+                else {
+                    const { processed: processedFindings, dismissedCount } = (0, response_parser_1.applyValidationResults)(fileFindings, fileResults);
+                    statsLock.validatedFindings += processedFindings.length + dismissedCount;
+                    statsLock.dismissedFindings += dismissedCount;
+                    for (const processed of processedFindings) {
+                        if (processed.validationStatus === 'confirmed')
+                            statsLock.confirmedFindings++;
+                        else if (processed.validationStatus === 'downgraded')
+                            statsLock.downgradedFindings++;
+                        batchFindings.push(processed);
+                    }
+                }
+            }
+        }
+        catch (error) {
+            console.error(`[OpenAI Validation] Error in batch ${batchNum}:`, error);
+            for (const { findings: fileFindings } of fileDataList) {
+                for (const f of fileFindings) {
+                    batchFindings.push({
+                        ...f,
+                        validatedByAI: false,
+                        validationStatus: 'not_validated',
+                        validationNotes: 'Validation failed due to API error',
+                    });
+                }
+            }
+        }
+        return batchFindings;
+    };
+    // Process batches in parallel groups
+    const startTime = Date.now();
+    for (let i = 0; i < allBatches.length; i += clients_1.PARALLEL_API_BATCHES) {
+        const parallelGroup = allBatches.slice(i, i + clients_1.PARALLEL_API_BATCHES);
+        const batchNums = parallelGroup.map(b => b.batchNum).join(', ');
+        console.log(`[OpenAI Validation] Processing batches ${batchNums} in parallel`);
+        const results = await Promise.all(parallelGroup.map(processBatch));
+        for (const batchResults of results) {
+            validatedFindings.push(...batchResults);
+        }
+        totalApiBatches += parallelGroup.length;
+    }
+    const totalDuration = Date.now() - startTime;
+    // Copy accumulated stats back
+    stats.apiCalls = statsLock.apiCalls;
+    stats.estimatedInputTokens = statsLock.estimatedInputTokens;
+    stats.estimatedOutputTokens = statsLock.estimatedOutputTokens;
+    stats.cacheReadTokens = statsLock.cacheReadTokens;
+    stats.estimatedCost = statsLock.estimatedCost;
+    stats.validatedFindings = statsLock.validatedFindings;
+    stats.confirmedFindings = statsLock.confirmedFindings;
+    stats.dismissedFindings = statsLock.dismissedFindings;
+    stats.downgradedFindings = statsLock.downgradedFindings;
+    // Calculate cache hit rate
+    const totalCacheableTokens = stats.cacheCreationTokens + stats.cacheReadTokens;
+    stats.cacheHitRate = totalCacheableTokens > 0
+        ? stats.cacheReadTokens / totalCacheableTokens
+        : 0;
+    // Log validation stats
+    const avgTimePerFileMs = fileEntries.length > 0
+        ? (totalDuration / fileEntries.length).toFixed(0)
+        : '0';
+    const totalDurationSec = (totalDuration / 1000).toFixed(1);
+    console.log(`[OpenAI Validation] Stats:`);
+    console.log(`  - Total findings: ${stats.totalFindings}`);
+    console.log(`  - AI validated: ${stats.validatedFindings}`);
+    console.log(`  - Confirmed: ${stats.confirmedFindings}`);
+    console.log(`  - Dismissed: ${stats.dismissedFindings}`);
+    console.log(`  - Downgraded: ${stats.downgradedFindings}`);
+    console.log(`  - API calls: ${stats.apiCalls}`);
+    console.log(`  - Performance:`);
+    console.log(`    - Total duration: ${totalDurationSec}s`);
+    console.log(`    - Total API batches: ${totalApiBatches}`);
+    console.log(`    - Avg time per file: ${avgTimePerFileMs}ms`);
+    console.log(`  - Token usage:`);
+    console.log(`    - Input (fresh): ${stats.estimatedInputTokens} tokens`);
+    console.log(`    - Cached: ${stats.cacheReadTokens} tokens`);
+    console.log(`    - Output: ${stats.estimatedOutputTokens} tokens`);
+    console.log(`  - Estimated cost: $${stats.estimatedCost.toFixed(4)}`);
+    return { vulnerabilities: validatedFindings, stats };
+}
+/**
+ * Clear cached project context (called after validation complete)
+ */
+function clearOpenAICache() {
+    cachedProjectContext = null;
+}
+//# sourceMappingURL=openai.js.map

package/dist/layer3/anthropic/providers/openai.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openai.js","sourceRoot":"","sources":["../../../../src/layer3/anthropic/providers/openai.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAoBH,gDAgWC;AAKD,4CAEC;AAvXD,oFAA4E;AAE5E,oCAAiD;AACjD,wCAA0G;AAC1G,0CAA2D;AAC3D,8DAA4H;AAC5H,wDAAoE;AACpE,sDAAsE;AAEtE,kDAAkD;AAClD,IAAI,oBAAoB,GAA0B,IAAI,CAAA;AAEtD;;;GAGG;AACI,KAAK,UAAU,kBAAkB,CACtC,QAAyB,EACzB,KAAiB,EACjB,cAA0C,EAC1C,KAAsB;IAEtB,MAAM,MAAM,GAAG,IAAA,yBAAe,GAAE,CAAA;IAEhC,sCAAsC;IACtC,MAAM,OAAO,GAAG,cAAc,IAAI,oBAAoB,IAAI,IAAA,6CAAmB,EAAC,KAAK,CAAC,CAAA;IACpF,IAAI,CAAC,cAAc,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC7C,oBAAoB,GAAG,OAAO,CAAA;QAC9B,OAAO,CAAC,GAAG,CAAC,4CAA4C,EAAE;YACxD,iBAAiB,EAAE,OAAO,CAAC,IAAI,CAAC,mBAAmB;YACnD,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,YAAY;YACvC,GAAG,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG;YAC3B,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO;SACtC,CAAC,CAAA;IACJ,CAAC;IAED,kDAAkD;IAClD,MAAM,cAAc,GAAG,IAAI,GAAG,EAA2B,CAAA;IACzD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;QAC3D,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACtB,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,iBAAiB,GAAoB,EAAE,CAAA;IAC7C,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAA;IAExD,0CAA0C;IAC1C,IAAI,eAAe,GAAG,CAAC,CAAA;IACvB,MAAM,SAAS,GAAqB,IAAA,8BAAsB,GAAE,CAAA;IAE5D,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,6BAAmB,CAAC,CAAA;IAC5E,OAAO,CAAC,GAAG,CAAC,kCAAkC,WAAW,CAAC,MAAM,aAAa,gBAAgB,mBAAmB,8BAAoB,YAAY,CAAC,CAAA;IAEjJ,+BAA+B;IAC/B,MAAM,UAAU,GAGX,EAAE,CAAA;IAEP,KAAK,IAAI,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,WAAW,CAAC,MAAM,EAAE,UAAU,IAAI,6BAAmB,EAAE,CAAC;QAC5F,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,UAAU,EAAE,UAAU,GAAG,6BAAmB,CAAC,CAAA;QACjF,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,6BAAmB,CAAC,GAAG,CAAC,CAAA;QACjE,UAAU,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,CAAA;IAC1C,CAAC;IAED,qEAAqE;IACrE,MAAM,YAAY,GAAG,KAAK,EACxB,QAA2E,EACjD,EAAE;QAC5B,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,QAAQ,CAAA;QACxC,MAAM,aAAa,GAAoB,EAAE,CAAA;QAEzC,sCAAsC;QACtC,MAAM,YAAY,GAA2E,EAAE,CAAA;QAC/F,MAAM,mBAAmB,GAA2D,EAAE,CAAA;QAEtF,KAAK,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,SAAS,EAAE,CAAC;YACjD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAA;YACjD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,mBAAmB,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAA;YAChE,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC,CAAA;YAC/D,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,KAAK,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,mBAAmB,EAAE,CAAC;YAC7D,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;gBAC7B,aAAa,CAAC,IAAI,CAAC;oBACjB,GAAG,CAAC;oBACJ,aAAa,EAAE,KAAK;oBACpB,gBAAgB,EAAE,eAAmC;oBACrD,eAAe,EAAE,2CAA2C;iBAC7D,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,aAAa,CAAA;QACtB,CAAC;QAED,IAAI,CAAC;YACH,sCAAsC;YACtC,MAAM,iBAAiB,GAAG,IAAA,iDAA+B,EACvD,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC,EAC1F,OAAO,CACR,CAAA;YAED,0CAA0C;YAC1C,MAAM,QAAQ,GAAG,MAAM,IAAA,kCAA0B,EAAC,KAAK,IAAI,EAAE,CAC3D,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC;gBAC7B,KAAK,EAAE,uBAAuB;gBAC9B,QAAQ,EAAE;oBACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,2CAA8B,EAAE;oBAC3D,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,iBAAiB,EAAE;iBAC7C;gBACD,qBAAqB,EAAE,IAAI,EAAE,mDAAmD;gBAChF,eAAe,EAAE;oBACf,IAAI,EAAE,aAAa;oBACnB,WAAW,EAAE;wBACX,IAAI,EAAE,qBAAqB;wBAC3B,MAAM,EAAE,IAAI;wBACZ,MAAM,EAAE;4BACN,IAAI,EAAE,QAAQ;4BACd,UAAU,EAAE;gCACV,WAAW,EAAE;oCACX,IAAI,EAAE,OAAO;oCACb,KAAK,EAAE;wCACL,IAAI,EAAE,QAAQ;wCACd,UAAU,EAAE;4CACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;4CACxB,WAAW,EAAE;gDACX,IAAI,EAAE,OAAO;gDACb,KAAK,EAAE;oDACL,IAAI,EAAE,QAAQ;oDACd,UAAU,EAAE;wDACV,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;wDACzB,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;wDACzB,KAAK,EAAE;4DACL,IAAI,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;4DACxB,OAAO,EAAE,IAAI;yDACd;wDACD,gBAAgB,EAAE;4DAChB,IAAI,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;4DACxB,IAAI,EAAE,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC;4DACzD,OAAO,EAAE,IAAI;yDACd;wDACD,MAAM,EAAE;4DACN,IAAI,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;4DACxB,WAAW,EAAE,+DAA+D;4DAC5E,OAAO,EAAE,IAAI;yDACd;wDACD,aAAa,EAAE;4DACb,IAAI,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;4DACxB,WAAW,EAAE,gDAAgD;4DAC7D,OAAO,EAAE,IAAI;yDACd;qDACF;oDACD,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,eAAe,CAAC;oDACnF,oBAAoB,EAAE,KAAK;iDAC5B;6CACF;yCACF;wCACD,QAAQ,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC;wCACjC,oBAAoB,EAAE,KAAK;qCAC5B;iCACF;6BACF;4BACD,QAAQ,EAAE,CAAC,aAAa,CAAC;4BACzB,oBAAoB,EAAE,KAAK;yBAC5B;qBACF;iBACF;aACF,CAAC,CACH,CAAA;YAED,oDAAoD;YACpD,SAAS,CAAC,QAAQ,EAAE,CAAA;YAEpB,2CAA2C;YAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAA;YAC5B,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,YAAY,GAAG,KAAK,CAAC,aAAa,IAAI,CAAC,CAAA;gBAC7C,MAAM,gBAAgB,GAAG,KAAK,CAAC,iBAAiB,IAAI,CAAC,CAAA;gBACrD,MAAM,YAAY,GAAI,KAAa,CAAC,qBAAqB,EAAE,aAAa,IAAI,CAAC,CAAA;gBAC7E,MAAM,gBAAgB,GAAG,YAAY,GAAG,YAAY,CAAA;gBAEpD,SAAS,CAAC,oBAAoB,IAAI,gBAAgB,CAAA;gBAClD,SAAS,CAAC,qBAAqB,IAAI,gBAAgB,CAAA;gBACnD,SAAS,CAAC,eAAe,IAAI,YAAY,CAAA;gBAEzC,OAAO,CAAC,GAAG,CAAC,kBAAkB,QAAQ,YAAY,YAAY,WAAW,YAAY,aAAa,gBAAgB,SAAS,CAAC,CAAA;gBAE5H,MAAM,SAAS,GAAG,CAAC,gBAAgB,GAAG,2BAAiB,CAAC,KAAK,CAAC,GAAG,OAAS,CAAA;gBAC1E,MAAM,UAAU,GAAG,CAAC,YAAY,GAAG,2BAAiB,CAAC,MAAM,CAAC,GAAG,OAAS,CAAA;gBACxE,MAAM,UAAU,GAAG,CAAC,gBAAgB,GAAG,2BAAiB,CAAC,MAAM,CAAC,GAAG,OAAS,CAAA;gBAC5E,SAAS,CAAC,aAAa,IAAI,SAAS,GAAG,UAAU,GAAG,UAAU,CAAA;YAChE,CAAC;YAED,yBAAyB;YACzB,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAA;YACrD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,KAAK,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,YAAY,EAAE,CAAC;oBACtD,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;wBAC7B,aAAa,CAAC,IAAI,CAAC;4BACjB,GAAG,CAAC;4BACJ,aAAa,EAAE,KAAK;4BACpB,gBAAgB,EAAE,eAAmC;4BACrD,eAAe,EAAE,+BAA+B;yBACjD,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC;gBACD,OAAO,aAAa,CAAA;YACtB,CAAC;YAED,iFAAiF;YACjF,IAAI,aAAkB,CAAA;YACtB,IAAI,CAAC;gBACH,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;gBACnC,OAAO,CAAC,GAAG,CAAC,yCAAyC,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAA;gBAClF,mEAAmE;gBACnE,IAAI,aAAa,CAAC,WAAW,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,WAAW,CAAC,EAAE,CAAC;oBAC1E,OAAO,CAAC,GAAG,CAAC,sDAAsD,aAAa,CAAC,WAAW,CAAC,MAAM,QAAQ,CAAC,CAAA;oBAC3G,aAAa,GAAG,aAAa,CAAC,WAAW,CAAA;gBAC3C,CAAC;qBAAM,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;oBACxC,OAAO,CAAC,GAAG,CAAC,mDAAmD,aAAa,CAAC,MAAM,QAAQ,CAAC,CAAA;gBAC9F,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,mCAAmC,EAAE,OAAO,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAA;gBACtG,CAAC;YACH,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,IAAI,CAAC,yCAAyC,EAAE,CAAC,CAAC,CAAA;gBAC1D,aAAa,GAAG,OAAO,CAAA;YACzB,CAAC;YAED,4BAA4B;YAC5B,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAA;YAClE,MAAM,oBAAoB,GAAG,IAAA,kDAAgC,EAC3D,OAAO,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,EACjF,aAAa,CACd,CAAA;YAED,OAAO,CAAC,GAAG,CAAC,kBAAkB,QAAQ,WAAW,oBAAoB,CAAC,IAAI,sBAAsB,YAAY,CAAC,MAAM,QAAQ,CAAC,CAAA;YAC5H,IAAI,oBAAoB,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACpC,OAAO,CAAC,IAAI,CAAC,2DAA2D,OAAO,aAAa,cAAc,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;gBACzI,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7D,OAAO,CAAC,GAAG,CAAC,gCAAgC,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;gBAC9E,CAAC;YACH,CAAC;YAED,mEAAmE;YACnE,IAAI,oBAAoB,CAAC,IAAI,KAAK,YAAY,CAAC,MAAM,EAAE,CAAC;gBACtD,MAAM,OAAO,GAAG,YAAY;qBACzB,MAAM,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;qBAC7D,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAA;gBAClC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACvB,OAAO,CAAC,IAAI,CAAC,oBAAoB,OAAO,CAAC,MAAM,4CAA4C,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;gBAClH,CAAC;YACH,CAAC;YAED,yBAAyB;YACzB,KAAK,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,YAAY,EAAE,CAAC;gBAChE,MAAM,WAAW,GAAG,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;gBACtD,OAAO,CAAC,GAAG,CAAC,iBAAiB,QAAQ,KAAK,WAAW,EAAE,MAAM,IAAI,CAAC,2BAA2B,YAAY,CAAC,MAAM,WAAW,CAAC,CAAA;gBAE5H,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC7C,MAAM,iBAAiB,GAAG,IAAA,yCAAuB,EAAC,OAAO,CAAC,CAAA;oBAC1D,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC9D,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,GAAG,IAAA,wCAAsB,EAAC,YAAY,EAAE,iBAAiB,CAAC,CAAA;wBAChH,SAAS,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,MAAM,GAAG,cAAc,CAAA;wBACxE,SAAS,CAAC,iBAAiB,IAAI,cAAc,CAAA;wBAC7C,KAAK,MAAM,SAAS,IAAI,iBAAiB,EAAE,CAAC;4BAC1C,IAAI,SAAS,CAAC,gBAAgB,KAAK,WAAW;gCAAE,SAAS,CAAC,iBAAiB,EAAE,CAAA;iCACxE,IAAI,SAAS,CAAC,gBAAgB,KAAK,YAAY;gCAAE,SAAS,CAAC,kBAAkB,EAAE,CAAA;4BACpF,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;wBAC/B,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,oFAAoF;wBACpF,OAAO,CAAC,IAAI,CAAC,sCAAsC,QAAQ,gBAAgB,YAAY,CAAC,MAAM,WAAW,CAAC,CAAA;wBAC1G,SAAS,CAAC,iBAAiB,IAAI,YAAY,CAAC,MAAM,CAAA;wBAClD,SAAS,CAAC,iBAAiB,IAAI,YAAY,CAAC,MAAM,CAAA;wBAClD,qDAAqD;oBACvD,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,cAAc,EAAE,GAAG,IAAA,wCAAsB,EAAC,YAAY,EAAE,WAAW,CAAC,CAAA;oBAC1G,SAAS,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,MAAM,GAAG,cAAc,CAAA;oBACxE,SAAS,CAAC,iBAAiB,IAAI,cAAc,CAAA;oBAC7C,KAAK,MAAM,SAAS,IAAI,iBAAiB,EAAE,CAAC;wBAC1C,IAAI,SAAS,CAAC,gBAAgB,KAAK,WAAW;4BAAE,SAAS,CAAC,iBAAiB,EAAE,CAAA;6BACxE,IAAI,SAAS,CAAC,gBAAgB,KAAK,YAAY;4BAAE,SAAS,CAAC,kBAAkB,EAAE,CAAA;wBACpF,aAAa,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;oBAC/B,CAAC;gBACH,CAAC;YACH,CAAC;QAEH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,sCAAsC,QAAQ,GAAG,EAAE,KAAK,CAAC,CAAA;YACvE,KAAK,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,YAAY,EAAE,CAAC;gBACtD,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;oBAC7B,aAAa,CAAC,IAAI,CAAC;wBACjB,GAAG,CAAC;wBACJ,aAAa,EAAE,KAAK;wBACpB,gBAAgB,EAAE,eAAmC;wBACrD,eAAe,EAAE,oCAAoC;qBACtD,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,aAAa,CAAA;IACtB,CAAC,CAAA;IAED,qCAAqC;IACrC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,IAAI,8BAAoB,EAAE,CAAC;QACjE,MAAM,aAAa,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,8BAAoB,CAAC,CAAA;QACnE,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAC/D,OAAO,CAAC,GAAG,CAAC,0CAA0C,SAAS,cAAc,CAAC,CAAA;QAE9E,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAA;QAClE,KAAK,MAAM,YAAY,IAAI,OAAO,EAAE,CAAC;YACnC,iBAAiB,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;QACzC,CAAC;QACD,eAAe,IAAI,aAAa,CAAC,MAAM,CAAA;IACzC,CAAC;IACD,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAA;IAE5C,8BAA8B;IAC9B,KAAK,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAA;IACnC,KAAK,CAAC,oBAAoB,GAAG,SAAS,CAAC,oBAAoB,CAAA;IAC3D,KAAK,CAAC,qBAAqB,GAAG,SAAS,CAAC,qBAAqB,CAAA;IAC7D,KAAK,CAAC,eAAe,GAAG,SAAS,CAAC,eAAe,CAAA;IACjD,KAAK,CAAC,aAAa,GAAG,SAAS,CAAC,aAAa,CAAA;IAC7C,KAAK,CAAC,iBAAiB,GAAG,SAAS,CAAC,iBAAiB,CAAA;IACrD,KAAK,CAAC,iBAAiB,GAAG,SAAS,CAAC,iBAAiB,CAAA;IACrD,KAAK,CAAC,iBAAiB,GAAG,SAAS,CAAC,iBAAiB,CAAA;IACrD,KAAK,CAAC,kBAAkB,GAAG,SAAS,CAAC,kBAAkB,CAAA;IAEvD,2BAA2B;IAC3B,MAAM,oBAAoB,GAAG,KAAK,CAAC,mBAAmB,GAAG,KAAK,CAAC,eAAe,CAAA;IAC9E,KAAK,CAAC,YAAY,GAAG,oBAAoB,GAAG,CAAC;QAC3C,CAAC,CAAC,KAAK,CAAC,eAAe,GAAG,oBAAoB;QAC9C,CAAC,CAAC,CAAC,CAAA;IAEL,uBAAuB;IACvB,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC;QAC7C,CAAC,CAAC,CAAC,aAAa,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QACjD,CAAC,CAAC,GAAG,CAAA;IACP,MAAM,gBAAgB,GAAG,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;IAE1D,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAA;IACzC,OAAO,CAAC,GAAG,CAAC,uBAAuB,KAAK,CAAC,aAAa,EAAE,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAA;IAC3D,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAA;IACxD,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,iBAAiB,EAAE,CAAC,CAAA;IACxD,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,CAAC,kBAAkB,EAAE,CAAC,CAAA;IAC1D,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC/C,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAC/B,OAAO,CAAC,GAAG,CAAC,yBAAyB,gBAAgB,GAAG,CAAC,CAAA;IACzD,OAAO,CAAC,GAAG,CAAC,4BAA4B,eAAe,EAAE,CAAC,CAAA;IAC1D,OAAO,CAAC,GAAG,CAAC,4BAA4B,gBAAgB,IAAI,CAAC,CAAA;IAC7D,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAC/B,OAAO,CAAC,GAAG,CAAC,wBAAwB,KAAK,CAAC,oBAAoB,SAAS,CAAC,CAAA;IACxE,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,eAAe,SAAS,CAAC,CAAA;IAC5D,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,qBAAqB,SAAS,CAAC,CAAA;IAClE,OAAO,CAAC,GAAG,CAAC,wBAAwB,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;IAErE,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,KAAK,EAAE,CAAA;AACtD,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB;IAC9B,oBAAoB,GAAG,IAAI,CAAA;AAC7B,CAAC"}

package/dist/layer3/anthropic/request-builder.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Request Builders for AI Validation
+ *
+ * Functions for building validation requests with full file context.
+ */
+import type { Vulnerability, ScanFile } from '../../types';
+import type { ProjectContext } from '../../utils/project-context-builder';
+/**
+ * Build a high-context validation request with full file content
+ */
+export declare function buildHighContextValidationRequest(file: ScanFile, findings: Vulnerability[], projectContext: ProjectContext): string;
+/**
+ * Build a multi-file validation request (Phase 2 optimization)
+ * Batches multiple files into a single API call to reduce overhead
+ */
+export declare function buildMultiFileValidationRequest(fileDataList: Array<{
+    file: ScanFile;
+    findings: Vulnerability[];
+}>, projectContext: ProjectContext): string;
+//# sourceMappingURL=request-builder.d.ts.map

package/dist/layer3/anthropic/request-builder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-builder.d.ts","sourceRoot":"","sources":["../../../src/layer3/anthropic/request-builder.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAA;AAC1D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qCAAqC,CAAA;AAQzE;;GAEG;AACH,wBAAgB,iCAAiC,CAC/C,IAAI,EAAE,QAAQ,EACd,QAAQ,EAAE,aAAa,EAAE,EACzB,cAAc,EAAE,cAAc,GAC7B,MAAM,CAwCR;AAMD;;;GAGG;AACH,wBAAgB,+BAA+B,CAC7C,YAAY,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,QAAQ,EAAE,aAAa,EAAE,CAAA;CAAE,CAAC,EAClE,cAAc,EAAE,cAAc,GAC7B,MAAM,CA0ER"}

package/dist/layer3/anthropic/request-builder.js

@@ -0,0 +1,134 @@
+"use strict";
+/**
+ * Request Builders for AI Validation
+ *
+ * Functions for building validation requests with full file context.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildHighContextValidationRequest = buildHighContextValidationRequest;
+exports.buildMultiFileValidationRequest = buildMultiFileValidationRequest;
+const project_context_builder_1 = require("../../utils/project-context-builder");
+const path_helpers_1 = require("./utils/path-helpers");
+// ============================================================================
+// Single-File Request Builder
+// ============================================================================
+/**
+ * Build a high-context validation request with full file content
+ */
+function buildHighContextValidationRequest(file, findings, projectContext) {
+    // Add line numbers to full file content
+    const numberedContent = file.content
+        .split('\n')
+        .map((line, i) => `${String(i + 1).padStart(4, ' ')} | ${line}`)
+        .join('\n');
+    // Build candidate findings list
+    const candidatesText = findings.map((f, idx) => {
+        return `### Candidate ${idx}
+- **Rule**: ${f.title}
+- **Category**: ${f.category}
+- **Original Severity**: ${f.severity}
+- **Line**: ${f.lineNumber}
+- **Detection Layer**: ${f.layer}
+- **Description**: ${f.description}
+- **Flagged Code**: \`${f.lineContent.trim()}\``;
+    }).join('\n\n');
+    // Get file-specific context
+    const fileContext = (0, project_context_builder_1.getFileValidationContext)(file, projectContext);
+    return `## Project Context
+${projectContext.summary}
+
+${fileContext}
+
+## Full File Content
+\`\`\`${file.language || (0, path_helpers_1.getLanguageFromPath)(file.path)}
+${numberedContent}
+\`\`\`
+
+## Candidate Findings to Validate (${findings.length} total)
+
+${candidatesText}
+
+---
+
+Please validate each candidate finding. Return a JSON array with your decision for each.
+Remember: Be AGGRESSIVE in rejecting false positives. Use the full file context and project architecture to make informed decisions.`;
+}
+// ============================================================================
+// Multi-File Request Builder (Phase 2 Optimization)
+// ============================================================================
+/**
+ * Build a multi-file validation request (Phase 2 optimization)
+ * Batches multiple files into a single API call to reduce overhead
+ */
+function buildMultiFileValidationRequest(fileDataList, projectContext) {
+    const filesContent = fileDataList.map(({ file, findings }, fileIndex) => {
+        // Add line numbers to full file content
+        const numberedContent = file.content
+            .split('\n')
+            .map((line, i) => `${String(i + 1).padStart(4, ' ')} | ${line}`)
+            .join('\n');
+        // Build candidate findings list with file-specific indices
+        const candidatesText = findings.map((f, idx) => {
+            return `### Candidate ${idx}
+- **Rule**: ${f.title}
+- **Category**: ${f.category}
+- **Original Severity**: ${f.severity}
+- **Line**: ${f.lineNumber}
+- **Detection Layer**: ${f.layer}
+- **Description**: ${f.description}
+- **Flagged Code**: \`${f.lineContent.trim()}\``;
+        }).join('\n\n');
+        // Get file-specific context
+        const fileContext = (0, project_context_builder_1.getFileValidationContext)(file, projectContext);
+        return `
+================================================================================
+FILE ${fileIndex + 1}: ${file.path}
+================================================================================
+
+${fileContext}
+
+### Full File Content
+\`\`\`${file.language || (0, path_helpers_1.getLanguageFromPath)(file.path)}
+${numberedContent}
+\`\`\`
+
+### Candidate Findings to Validate (${findings.length} total)
+
+${candidatesText}`;
+    }).join('\n\n');
+    return `## Project Context
+${projectContext.summary}
+
+${filesContent}
+
+---
+
+## Response Format
+
+For EACH file, provide a JSON object with the file path and validation results.
+Return a JSON array where each element has:
+- "file": the file path (e.g., "${fileDataList[0]?.file.path || 'path/to/file.ts'}")
+- "validations": array of validation results for that file's candidates
+
+Example response format:
+\`\`\`json
+[
+  {
+    "file": "src/auth.ts",
+    "validations": [
+      { "index": 0, "keep": true, "adjustedSeverity": "medium", "notes": "Protected by middleware" },
+      { "index": 1, "keep": false }
+    ]
+  },
+  {
+    "file": "src/api.ts",
+    "validations": [
+      { "index": 0, "keep": true, "notes": "User input flows to SQL query" }
+    ]
+  }
+]
+\`\`\`
+
+Remember: Be AGGRESSIVE in rejecting false positives. Use the full file context and project architecture to make informed decisions.`;
+}
+//# sourceMappingURL=request-builder.js.map

package/dist/layer3/anthropic/request-builder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-builder.js","sourceRoot":"","sources":["../../../src/layer3/anthropic/request-builder.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAcH,8EA4CC;AAUD,0EA6EC;AA7ID,iFAA8E;AAC9E,uDAA0D;AAE1D,+EAA+E;AAC/E,8BAA8B;AAC9B,+EAA+E;AAE/E;;GAEG;AACH,SAAgB,iCAAiC,CAC/C,IAAc,EACd,QAAyB,EACzB,cAA8B;IAE9B,wCAAwC;IACxC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO;SACjC,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;SAC/D,IAAI,CAAC,IAAI,CAAC,CAAA;IAEb,gCAAgC;IAChC,MAAM,cAAc,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE;QAC7C,OAAO,iBAAiB,GAAG;cACjB,CAAC,CAAC,KAAK;kBACH,CAAC,CAAC,QAAQ;2BACD,CAAC,CAAC,QAAQ;cACvB,CAAC,CAAC,UAAU;yBACD,CAAC,CAAC,KAAK;qBACX,CAAC,CAAC,WAAW;wBACV,CAAC,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,CAAA;IAC9C,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IAEf,4BAA4B;IAC5B,MAAM,WAAW,GAAG,IAAA,kDAAwB,EAAC,IAAI,EAAE,cAAc,CAAC,CAAA;IAElE,OAAO;EACP,cAAc,CAAC,OAAO;;EAEtB,WAAW;;;QAGL,IAAI,CAAC,QAAQ,IAAI,IAAA,kCAAmB,EAAC,IAAI,CAAC,IAAI,CAAC;EACrD,eAAe;;;qCAGoB,QAAQ,CAAC,MAAM;;EAElD,cAAc;;;;;qIAKqH,CAAA;AACrI,CAAC;AAED,+EAA+E;AAC/E,oDAAoD;AACpD,+EAA+E;AAE/E;;;GAGG;AACH,SAAgB,+BAA+B,CAC7C,YAAkE,EAClE,cAA8B;IAE9B,MAAM,YAAY,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE;QACtE,wCAAwC;QACxC,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO;aACjC,KAAK,CAAC,IAAI,CAAC;aACX,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;aAC/D,IAAI,CAAC,IAAI,CAAC,CAAA;QAEb,2DAA2D;QAC3D,MAAM,cAAc,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE;YAC7C,OAAO,iBAAiB,GAAG;cACnB,CAAC,CAAC,KAAK;kBACH,CAAC,CAAC,QAAQ;2BACD,CAAC,CAAC,QAAQ;cACvB,CAAC,CAAC,UAAU;yBACD,CAAC,CAAC,KAAK;qBACX,CAAC,CAAC,WAAW;wBACV,CAAC,CAAC,WAAW,CAAC,IAAI,EAAE,IAAI,CAAA;QAC5C,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAEf,4BAA4B;QAC5B,MAAM,WAAW,GAAG,IAAA,kDAAwB,EAAC,IAAI,EAAE,cAAc,CAAC,CAAA;QAElE,OAAO;;OAEJ,SAAS,GAAG,CAAC,KAAK,IAAI,CAAC,IAAI;;;EAGhC,WAAW;;;QAGL,IAAI,CAAC,QAAQ,IAAI,IAAA,kCAAmB,EAAC,IAAI,CAAC,IAAI,CAAC;EACrD,eAAe;;;sCAGqB,QAAQ,CAAC,MAAM;;EAEnD,cAAc,EAAE,CAAA;IAChB,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;IAEf,OAAO;EACP,cAAc,CAAC,OAAO;;EAEtB,YAAY;;;;;;;;kCAQoB,YAAY,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,IAAI,iBAAiB;;;;;;;;;;;;;;;;;;;;;;qIAsBoD,CAAA;AACrI,CAAC"}

package/dist/layer3/anthropic/types.d.ts

@@ -0,0 +1,88 @@
+/**
+ * Type definitions for AI validation module
+ */
+import type { Vulnerability, VulnerabilitySeverity, VulnerabilityCategory } from '../../types';
+export interface ValidationStats {
+    /** Total findings processed (input) */
+    totalFindings: number;
+    /** Findings that went through AI validation */
+    validatedFindings: number;
+    /** Findings confirmed as true positives */
+    confirmedFindings: number;
+    /** Findings dismissed as false positives */
+    dismissedFindings: number;
+    /** Findings with severity adjusted down */
+    downgradedFindings: number;
+    /** Findings auto-dismissed before AI (test files, etc.) */
+    autoDismissedFindings: number;
+    /** Estimated input tokens used */
+    estimatedInputTokens: number;
+    /** Estimated output tokens used */
+    estimatedOutputTokens: number;
+    /** Estimated cost in USD (based on Haiku pricing) */
+    estimatedCost: number;
+    /** Number of API calls made */
+    apiCalls: number;
+    /** Cache creation tokens (first write to cache) */
+    cacheCreationTokens: number;
+    /** Cache read tokens (subsequent reads from cache) */
+    cacheReadTokens: number;
+    /** Cache hit rate (0-1) */
+    cacheHitRate: number;
+}
+export interface AIValidationResult {
+    vulnerabilities: Vulnerability[];
+    stats: ValidationStats;
+}
+export interface ValidationResult {
+    index: number;
+    keep: boolean;
+    notes?: string;
+    adjustedSeverity?: VulnerabilitySeverity | null;
+    reason?: string;
+    validationNotes?: string;
+    impact?: string;
+    fixSuggestion?: string;
+}
+export interface AIFinding {
+    lineNumber: number;
+    severity: VulnerabilitySeverity;
+    category: VulnerabilityCategory;
+    title: string;
+    description: string;
+    suggestedFix: string;
+}
+export interface Layer3Context {
+    /** Middleware configuration from project scan */
+    middlewareConfig?: {
+        hasAuthMiddleware: boolean;
+        authType?: string;
+        protectedPaths: string[];
+    };
+    /** Auth helper context */
+    authHelpers?: {
+        hasThrowingHelpers: boolean;
+        summary: string;
+    };
+    /** Additional context string */
+    additionalContext?: string;
+}
+export interface AutoDismissRule {
+    name: string;
+    check: (finding: Vulnerability, fileContent?: string) => boolean;
+    reason: string;
+}
+export interface StatsAccumulator {
+    apiCalls: number;
+    estimatedInputTokens: number;
+    estimatedOutputTokens: number;
+    cacheReadTokens: number;
+    estimatedCost: number;
+    validatedFindings: number;
+    confirmedFindings: number;
+    dismissedFindings: number;
+    downgradedFindings: number;
+}
+export declare function createStatsAccumulator(): StatsAccumulator;
+export declare function createInitialStats(totalFindings: number): ValidationStats;
+//# sourceMappingURL=types.d.ts.map

package/dist/layer3/anthropic/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/layer3/anthropic/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,qBAAqB,EAAE,qBAAqB,EAAoB,MAAM,aAAa,CAAA;AAMhH,MAAM,WAAW,eAAe;IAC9B,uCAAuC;IACvC,aAAa,EAAE,MAAM,CAAA;IACrB,+CAA+C;IAC/C,iBAAiB,EAAE,MAAM,CAAA;IACzB,2CAA2C;IAC3C,iBAAiB,EAAE,MAAM,CAAA;IACzB,4CAA4C;IAC5C,iBAAiB,EAAE,MAAM,CAAA;IACzB,2CAA2C;IAC3C,kBAAkB,EAAE,MAAM,CAAA;IAC1B,2DAA2D;IAC3D,qBAAqB,EAAE,MAAM,CAAA;IAC7B,kCAAkC;IAClC,oBAAoB,EAAE,MAAM,CAAA;IAC5B,mCAAmC;IACnC,qBAAqB,EAAE,MAAM,CAAA;IAC7B,qDAAqD;IACrD,aAAa,EAAE,MAAM,CAAA;IACrB,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAA;IAChB,mDAAmD;IACnD,mBAAmB,EAAE,MAAM,CAAA;IAC3B,sDAAsD;IACtD,eAAe,EAAE,MAAM,CAAA;IACvB,2BAA2B;IAC3B,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,aAAa,EAAE,CAAA;IAChC,KAAK,EAAE,eAAe,CAAA;CACvB;AAMD,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,OAAO,CAAA;IAEb,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,gBAAgB,CAAC,EAAE,qBAAqB,GAAG,IAAI,CAAA;IAE/C,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,eAAe,CAAC,EAAE,MAAM,CAAA;IAExB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,SAAS;IACxB,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;CACrB;AAMD,MAAM,WAAW,aAAa;IAC5B,iDAAiD;IACjD,gBAAgB,CAAC,EAAE;QACjB,iBAAiB,EAAE,OAAO,CAAA;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAA;QACjB,cAAc,EAAE,MAAM,EAAE,CAAA;KACzB,CAAA;IACD,0BAA0B;IAC1B,WAAW,CAAC,EAAE;QACZ,kBAAkB,EAAE,OAAO,CAAA;QAC3B,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,gCAAgC;IAChC,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B;AAMD,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,CAAC,OAAO,EAAE,aAAa,EAAE,WAAW,CAAC,EAAE,MAAM,KAAK,OAAO,CAAA;IAChE,MAAM,EAAE,MAAM,CAAA;CACf;AAMD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAA;IAChB,oBAAoB,EAAE,MAAM,CAAA;IAC5B,qBAAqB,EAAE,MAAM,CAAA;IAC7B,eAAe,EAAE,MAAM,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,iBAAiB,EAAE,MAAM,CAAA;IACzB,iBAAiB,EAAE,MAAM,CAAA;IACzB,iBAAiB,EAAE,MAAM,CAAA;IACzB,kBAAkB,EAAE,MAAM,CAAA;CAC3B;AAED,wBAAgB,sBAAsB,IAAI,gBAAgB,CAYzD;AAED,wBAAgB,kBAAkB,CAAC,aAAa,EAAE,MAAM,GAAG,eAAe,CAgBzE"}